From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <toke@toke.dk>
Received: from mail.toke.dk (mail.toke.dk [IPv6:2a00:7660:6da:2001::664])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id 4440E3B2A4;
 Thu, 19 Sep 2019 13:50:47 -0400 (EDT)
From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023;
 t=1568915445; bh=ayRIe+Y9URj2DmXD12TuS7SyhOTf0k0qAv0Uvn9xaeU=;
 h=From:To:Subject:Date:From;
 b=SzB65wmtHrEnDwR9kmq0K2GG+n8vkXOLcaXfDfbaNGSN0E7peZSiqcypcOCjxXLR+
 8QSeXE0Gb0X4bijvqqTCSrCjmrGyRuKK2IqeJiWv9Z40JMGddqaVU8Bv1dsWfg58tr
 jS6VWG5TiAVjCOSam1YF4quApDBVbhgfauFAzpNoMwjfEKKUSgdQMbORxhtfmuPOIU
 xhz0jtaq/o/MnG8IxgsDRBshNFOE83NR4aS8KZVVR4evHfibpBYU/1t23ckPe7CKb1
 L8RGc6pTcCwKs3jYrUTYLHS3pGvfF3yIyRBzb2lTwUbx0vpA3kb2q3sZRR/n1WoRF0
 0oJn5VzrCoyyQ==
To: ecn-sane@lists.bufferbloat.net, bloat@lists.bufferbloat.net
Date: Thu, 19 Sep 2019 19:50:45 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87o8zgdvka.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Bloat] Issue with negotiating ECN with Cloudflare hosts?
X-BeenThere: bloat@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: General list for discussing Bufferbloat <bloat.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/bloat>,
 <mailto:bloat-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/bloat>
List-Post: <mailto:bloat@lists.bufferbloat.net>
List-Help: <mailto:bloat-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/bloat>,
 <mailto:bloat-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 17:50:47 -0000

Is anyone else experiencing problems negotiating ECN when connecting to
Cloudflare? I see this for most sites protected by Cloudflare (such as
bufferbloat.net), but only when using IPv4:

# sysctl -w net.ipv4.tcp_ecn=1
net.ipv4.tcp_ecn = 1
# curl -v 1.1.1.1
*   Trying 1.1.1.1:80...
* TCP_NODELAY set
* Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/7.66.0
> Accept: */*
> 
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer


# sysctl -w net.ipv4.tcp_ecn=0
net.ipv4.tcp_ecn = 0
# curl -v 1.1.1.1
*   Trying 1.1.1.1:80...
* TCP_NODELAY set
* Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/7.66.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 19 Sep 2019 17:42:22 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://1.1.1.1/
< Served-In-Seconds: 0.000
< CF-Cache-Status: HIT
< Age: 4442
< Expires: Thu, 19 Sep 2019 21:42:22 GMT
< Cache-Control: public, max-age=14400
< Server: cloudflare
< CF-RAY: 518d5b13fcfcd43f-HAM
< 
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare-lb</center>
</body>
</html>
* Connection #0 to host 1.1.1.1 left intact


I've opened a support request with my ISP, but thought I'd ask if anyone
else was seeing this? (Is anyone else running with ECN enabled?)

-Toke